The Cybersecurity Information Sharing Act (CISA, S. 754) authorizes operation of countermeasures. These could include deployment of hazardous software that can damage external systems, data, and devices. CISA authorizes operation of countermeasures notwithstanding any other law. The limitations on this authorization are insufficient to prevent harms.

Recently, the Technical Architecture Group (TAG) of the World Wide Web Consortium (W3C), a group within the W3C charged with stewardship of the Web’s architecture, released a statement that “unsanctioned tracking” is harmful to the web. Specifically, the TAG noted three types of unsanctioned tracking technologies that are especially harmful to users’ privacy: browser fingerprinting, super cookies, and header enrichment.

New Hampshire became the ninth state to enact legislation reining in warrantless law enforcement access to location records generated by cell phones and other electronic devices. Location records show where you are and have been, based on communications between your mobile device and the nearest cellular tower, and other electronic location tracking techniques such as GPS. The New Hampshire legislation prohibits the government from obtaining “location information from an electronic device without a warrant issued by a judge based on probable cause and on a case-by-case basis.”

A broad coalition of civil society filed comments with the Bureau of Industry and Security (BIS) in the U.S. Department of Commerce on their proposed implementation of new export control rules for “cybersecurity software”. The new controls are intended to prevent the export of digital surveillance tools to nation-state-level actors who plan to use them to spy on their citizens, but also limit the export of encryption technologies.

If you’ve used the internet, you’ve probably created a password. There’s a lot of advice out there about creating passwords: use uppercase! Use lowercase! Use numbers! Symbols! Don’t use a dictionary word! Use many dictionary words in a passphrase! There is so much advice, and so much of it is conflicting, and often it comes without any explanation. In this post, I’ll detail what a good password is (and why), give you some tools to help remember your password, and give a few other simple ways to help protect your account.

Senators Graham and Whitehouse are circulating draft cybercrime legislation, with several provisions modifying the Computer Fraud and Abuse Act (CFAA) – 18 USC 1030, the primary anti-hacking law of the United States. The draft bill is called the “International Cybercrime Prevention Act of 2015” and aims to crack down on theft of trade secrets and malicious hacking. Overall, the draft bill would exacerbate, not eliminate, the harshness, overbreadth, and confusion with the CFAA.

The European Parliament Committee on Industry, Research, and Energy has approved an informal proposal on the Telecoms Single Market regulation. This moves the regulation another step closer to becoming law, with a plenary vote likely sometime this fall. The proposed regulation goes a long way towards protecting the open Internet. Although far from perfect, the agreed-upon text is a significant accomplishment that at times seemed exceedingly unlikely.

In a plenary session, the European Parliament voted yesterday to adopt a report on “the harmonization of certain aspects of copyright and related rights in the information society.” In a previous post, we applauded the report’s recognition of the importance of balanced copyright while lamenting some of the elements of the draft report that failed to make their way into the text adopted by Parliament’s legal affairs committee (JURI). Even with deletions and alterations, the report highlights the need for a minimum baseline of copyright limitations and exceptions across the Union. The text of the report remains largely unchanged since its adoption by JURI, but a few late amendments made important improvements to the report.

Last week, the Senate Intelligence Committee passed a version of the Intelligence Authorization Act for FY 2016 (S. 1705) that would create a new “duty to report” apparent “terrorist activity” for providers of electronic communication services, which include online content hosts, internet service providers, and public libraries and coffee shops that offer WiFi access. The ramifications of this provision, which was introduced through a secret, closed-door committee process, are immense.

Wednesday there were two Senate Hearings on encryption and law enforcement access. Despite the fact that only 0.1% of wiretaps last year encountered encryption that could not be deciphered, the FBI has been arguing that it is “going dark” – that, increasingly, they encounter communications they can’t get access to, despite having a warrant. It’s clear from today’s hearings that the tide in the encryption debate has shifted: the FBI stated explicitly that it doesn’t have a proposed solution or a legislative proposal, and is punting to the tech industry to provide solutions. However, they’re asking industry to invent something that is intrinsically impossible.